Moodle 2.3.x < 2.3.11 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 9421

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.3.x prior to 2.3.11 are exposed to the following vulnerabilities :

- A flaw exists that is due to the program failing to apply group constraints when handling a request from a specially crafted URL. This may allow a remote attacker to bypass authentication and login as a user outside of the groups in which they are authorized to do so. (CVE-2014-0009)
- A flaw exists as HTTP requests to 'user/profile/index.php' do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF / XSRF) attack causing the victim to delete custom user profile fields and categories. (CVE-2014-0010)

Solution

Upgrade to Moodle version 2.3.11 or later.

See Also

https://docs.moodle.org/dev/Moodle_2.3.11_release_notes

Plugin Details

Severity: Medium

ID: 9421

Family: CGI

Published: 7/21/2016

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:moodle:moodle

Patch Publication Date: 3/10/2014

Vulnerability Publication Date: 3/17/2014

Reference Information

CVE: CVE-2014-0009, CVE-2014-0010

BID: 65021, 65027